Pirated Kindle Books May Hijack your Amazon Account

A vast segment of Kindle owners download pirated eBooks from the internet. It is estimated that up to 20% of eBook downloads stem from BitTorrent or pirate sites. A new online threat is targeting Kindle owners and may hijack your entire Amazon account.

Digital books carry a great deal of metadata that helps online retailers and publishers understand reading habits and key metrics. Most of this data is harmless and can be compared to the cookies set when you visit websites. A new vulnerability has been discovered that targets pirated eBooks: key metadata in the header or the author's name can run external scripts and compromise your Amazon account.

Here is how the vulnerability works. Hackers have been injecting links to external websites in the book’s title, in the field reserved for the name of the author, or in both. The script is triggered when you have used the Send to Kindle plugin and then visit the Amazon Kindle management page. The Kindle Library takes whatever is inside the book’s title or author fields and inserts it into the Kindle Library web page. As a result, if the title or author fields contain HTML code, this code becomes part of the Kindle Library web page and is treated as if it had originated from Amazon’s server.

Send to Kindle remains a very popular function. Amazon has an official version, and many third parties have developed alternatives for Android, Chrome, Firefox or iOS. It allows you to send documents and eBooks directly to your Amazon account to be read on a Kindle e-Reader, tablet or official reading app.
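The title and author injection described above is a stored cross-site scripting flaw. The following added example (not code from Amazon or from this article) shows a library row built without and with output encoding, plus a pre-upload check for markup in metadata. The function names, the dictionary layout and the sample records are assumptions made for illustration, and the metadata is assumed to be already extracted from the book file.

```python
import html
import re

# An opening or closing HTML tag such as <script ...> or </a>.
TAG = re.compile(r"<\s*/?\s*[A-Za-z][^>]*>")

def render_row_unsafe(title, author):
    """The flaw described above: metadata is concatenated into the page as-is."""
    return "<tr><td>" + title + "</td><td>" + author + "</td></tr>"

def render_row_escaped(title, author):
    """Output-encoded form: metadata can only be displayed, never parsed as HTML."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(title, quote=True), html.escape(author, quote=True))

def fields_with_markup(metadata):
    """Pre-upload check: names of metadata fields that contain an HTML tag."""
    return [name for name, value in metadata.items() if TAG.search(value)]

# Constructed sample records; example.invalid is a reserved, non-resolving name.
TAMPERED = {
    "title": 'Sample Book<script src="https://example.invalid/a.js"></script>',
    "author": "A. Writer",
}
CLEAN = {"title": "Algebra: 1 < 2 & 3 > 2", "author": "B. Author"}

if __name__ == "__main__":
    for book in (TAMPERED, CLEAN):
        print("flagged fields:", fields_with_markup(book))
        print("unsafe :", render_row_unsafe(book["title"], book["author"]))
        print("escaped:", render_row_escaped(book["title"], book["author"]))
```

The metadata check is a heuristic for the reader's side; encoding the fields when the page is rendered is what removes the flaw, because the same text is then shown as text whatever it contains.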

Piracy has been running rampant ever since the Kindle was first released. The Publishers Association issued 115,000 legal threats to websites to stop free pirated books in 2011, a rise of 130% on 2010. Many websites and file-sharing services allow anyone to download pirated books, and the person who cracked a book normally just wants to give it away. This new vulnerability should give you pause: a free eBook may come with a catch.

Michael Kozlowski is the Editor in Chief of Good e-Reader. He has been writing about audiobooks and e-readers for the past ten years. His articles have been picked up by major and local news sources and websites such as the CBC, CNET, Engadget, Huffington Post and the New York Times.

I’m slightly confused by this. It doesn’t affect books purchased on the Kindle website does it? (I’m confused because of the screen shot of the Manage My Devices Page). I only buy books through the Kindle site or check them out at the library. I don’t have to worry about my account being hijacked, right?

This type of malicious code is only evident so far in MOBI and AZW books downloaded from file sharing sites, pirate eBook sites and BitTorrent.

Anna

Thanks 🙂

Karl

I am totally, TOTALLY not buying your first two sentences without some kind of citation to a reliable source.

And I’m suspicious of this “hack” in general. It sounds too much like a piece of fear-mongering that publishers would *like* people to believe, sort of like the exaggerated health risks of abortion that anti-abortion activists often repeat.

Frank

References would be very helpful. Where is this information coming from?

Anonymouse

If you were sending pirated books to your Kindle, would it not be rather easy to make a script that checked for this type of malicious code and removed it before sending to the Kindle?

Why, yes! I’m quite certain that it would be. Problem will be solved within the week by someone.

Anonymouse

This issue may occur with every file. Someone could manipulate a CC-licensed ebook and spread the file. Or maybe a user gets on a fake site with perfectly normal documents (like manuals) and wants to add them to their library, so this issue is not limited to ‘pirated ebooks’. This is actually a problem on Amazon’s side. They need to fix it. The issue was already fixed in the previous version of their website and reoccurred, as the original author states.

My Kindle Paperwhite got frozen (I think from moisture) and Amazon agreed to exchange it for me for an early model. I have some pirated e-books on it. Will they be able to find them and if so can I expect a problem?